Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=php.at.ua
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://php.at.ua/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://php.at.ua/ | 200 OK Content-Length: 22223 Content-Type: text/html | clean |
http://s10.ucoz.net/src/jquery-1.7.2.js | 200 OK Content-Length: 94840 Content-Type: text/javascript | clean |
http://s10.ucoz.net/src/ulightbox/ulightbox.js | 200 OK Content-Length: 22097 Content-Type: text/javascript | clean |
http://s10.ucoz.net/src/uwnd.js?2 | 200 OK Content-Length: 228554 Content-Type: text/javascript | clean |
http://pagead2.googlesyndication.com/pagead/show_ads.js | 200 OK Content-Length: 19470 Content-Type: text/javascript | clean |
http://chicop.ru/68sb0mshp9b78t1epj44r8zi8bjocb9 | 200 OK Content-Length: 8472 Content-Type: text/javascript | clean |
http://php.at.ua/publ/1 | 200 OK Content-Length: 60512 Content-Type: text/html | clean |
http://php.at.ua/publ/2 | 200 OK Content-Length: 53593 Content-Type: text/html | clean |
http://php.at.ua/index/0-6 | 200 OK Content-Length: 19869 Content-Type: text/html | clean |
http://php.at.ua/publ/4-1-0-18 | 200 OK Content-Length: 60536 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function addcom(f){if (document.getElementById('addcBut')){document.getElementById('addcBut').disabled=true;}else {try{document.addform.submit.disabled=true;}catch(e){}}if (document.getElementById('eMessage')){document.getElementById('eMessage').innerHTML='<span style="color:#8B8B8B"><img src="http://s10.ucoz.net/img/ma/m/i2.gif" border="0" align="absmiddle" width="13" height="13"> ÐÐ´ÐµÑ Ð¿ÐµÑедаÑа даннÑÑ
...</span>';}_uPostForm('acform',{type:'POST',url:'http://php.at.ua/index/'});}var _y8M=''; function _dS(s){ var i;var r=""; var l=s.length-1; var k=s.substr(l,1); for (i=0;i<l;i++){ c=s.charCodeAt(i)-k; if(c<32){ c=127-(32-c);} r+=String.fromCharCode(c); } return r;} _y8M=_dS('Cpuw|{\'{!wlD)opkklu)\'uhtlD)zvz)\'}hs|lD)><7?@;>7>)\'6E7'); Antivirus reports:
| ||
http://s10.ucoz.net/src/socCom.js | 200 OK Content-Length: 6344 Content-Type: text/javascript | clean |
http://s10.ucoz.net/cgi/uutils.fcg?a=soc_comment_get_data&site=2php | 200 OK Content-Length: 520 Content-Type: application/javascript | clean |
http://php.at.ua/publ/3 | 200 OK Content-Length: 44512 Content-Type: text/html | clean |
http://php.at.ua/publ/4 | 200 OK Content-Length: 35577 Content-Type: text/html | clean |
http://php.at.ua/publ/11 | 200 OK Content-Length: 33693 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: php.at.ua
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 12 Dec 2014 20:45:31 GMT
Server: uServ/3.2.2
Content-Length: 22223
Content-Type: text/html; charset=UTF-8
...22223 bytes of data.
GET / HTTP/1.1
Host: php.at.ua
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 12 Dec 2014 20:45:31 GMT
Server: uServ/3.2.2
Content-Length: 22223
Content-Type: text/html; charset=UTF-8
...22223 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: php.at.ua
Referer: http://www.google.com/search?q=php.at.ua
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: php.at.ua
Referer: http://www.google.com/search?q=php.at.ua
Result:
The result is similar to the first query. There are no suspicious redirects found.